diff --git a/web/admin.php b/web/admin.php
index 7517f3fe74..5b53a33a44 100644
--- a/web/admin.php
+++ b/web/admin.php
@@ -473,7 +473,7 @@ function generate_new_room_form()
                     echo "<td><div>" . htmlspecialchars($r[$field['name']] ?? '') . "</div></td>\n";
                     break;
                   case 'capacity':
-                    echo "<td class=\"int\"><div>" . $r[$field['name']] . "</div></td>\n";
+                    echo "<td class=\"int\"><div>" . htmlspecialchars($r[$field['name']] ?? '') . "</div></td>\n";
                     break;
                   case 'invalid_types':
                     echo "<td><div>" . get_type_names($r[$field['name']]) . "</div></td>\n";
@@ -491,7 +491,7 @@ function generate_new_room_form()
                     elseif (($field['nature'] == 'integer') && isset($field['length']) && ($field['length'] > 2))
                     {
                       // integer values
-                      echo "<td class=\"int\"><div>" . $r[$field['name']] . "</div></td>\n";
+                      echo "<td class=\"int\"><div>" . htmlspecialchars($r[$field['name']] ?? '') . "</div></td>\n";
                     }
                     else
                     {